On Mon, 16 Aug 2010 22:53:33 +0000, "Joseph L. Casale" <jcasale@xxxxxxxxxxxxxxxxx> wrote: > I have a working setup with squid_kerb_auth and squid_kerb_ldap for > authorization > with group membership, I want to add squid_ldap_auth for a basic > auth_param but > when a client falls back to basic and uses squid_ldap_auth, > squid_kerb_ldap errors > out. I have set the default domain in squid_kerb_ldap. Will > squid_kerb_ldap not > work without a kerb client? I thought it's authorization to AD was based > on the > servers machine account. > > Missing something obvious here... > > Thanks! > jlc I think its a matter of "username" (Basic) vs "DOMAIN@username" (Kerberos). You can test this by replacing the group lookup with a fake external_acl_helper which logs the credentials passed to the group helper. Doing a few requests through both auth mechanisms will show you what difference the group helper sees. Amos
